Adding users by manually editing LDIF files is inconvenient, especially for novices, so below I manage OpenLDAP through a graphical interface. Before reading this article, please see my server deployment documentation.
For graphical management of OpenLDAP, the open source community provides several GUI tools. Current open source products include phpLDAPadmin, LDAP Account Manager, Apache Directory Studio, and LDAP Admin.
I. phpLDAPadmin deployment
1. Yum repository configuration
I recommend installing this software with yum. Installing from a downloaded package is troublesome because you have to configure Apache, PHP, and so on yourself, whereas yum installs everything in one step. The package is not in the base yum repositories, so you need to configure the EPEL repository. For that configuration, see my new machine deployment documentation.
2. Software installation
yum install phpldapadmin -y
3. Modify the HTTP configuration file
Modify the access restrictions in /etc/httpd/conf.d/phpldapadmin.conf. The specific restrictions can be adjusted to your own situation; for the convenience of testing, I have opened access to everyone here. For login authentication, you can search online for other configuration references.
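Because the test setup above admits every client, it is worth checking the access rules before the server is reachable from a wider network. The following is an added example, not part of the original article: both conf samples are constructed, and the 192.168.2.0/24 admin subnet is an assumption based on the server address used in this article.

```shell
# Added example: report httpd access rules that admit every client.
# Prints "<line>: <directive>" per hit and returns 1 if any is found.
audit_pla_conf() {
    awk '
        /^[ \t]*#/ { next }    # ignore comment lines
        tolower($0) ~ /require[ \t]+all[ \t]+granted/ ||
        tolower($0) ~ /allow[ \t]+from[ \t]+all/ {
            sub(/^[ \t]+/, ""); print NR ": " $0; bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

SAMPLES=$(mktemp -d)

# Constructed sample: the "all open" test setup (Apache 2.4 and 2.2 syntax).
cat > "$SAMPLES/open.conf" <<'EOF'
<Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c>
    Require all granted
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Deny,Allow
    Allow from all
  </IfModule>
</Directory>
EOF

# Constructed sample: same layout, limited to localhost and an assumed admin subnet.
cat > "$SAMPLES/restricted.conf" <<'EOF'
<Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c>
    Require local
    Require ip 192.168.2.0/24
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1 192.168.2.0/24
  </IfModule>
</Directory>
EOF

for f in open restricted; do
    if audit_pla_conf "$SAMPLES/$f.conf"; then echo "$f.conf: access is restricted"
    else echo "$f.conf: open to all clients (lines listed above)"; fi
done
```

To check the deployed file, run audit_pla_conf /etc/httpd/conf.d/phpldapadmin.conf.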
4. Modify the file /etc/phpldapadmin/config.php
Find
$servers->setValue('login','attr','uid');
and change it to
$servers->setValue('login','attr','dn');
5. Start the web service
service httpd start
6. Login verification
Open a browser. The address I enter here is http://192.168.2.10/ldapadmin.
After a successful login, the phpLDAPadmin management interface is displayed.
II. Managing OpenLDAP through phpLDAPadmin
1. Add users
Log in to the phpLDAPadmin management interface and select ou=people.
Select Add Object OU and perform the appropriate action.
Fill in the entry according to the information in the interface.
Review the information you added, confirm that it is correct, and click the Submit button.
The added entry can then be queried with ldapsearch.
I will not demonstrate modifying and deleting entries here; the operations are very simple.
Problem: phpLDAPadmin user cannot log in
[[email protected] ~]# ssh [email protected]
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
Workaround:
Because the shadowAccount object class is missing by default, we can add it.
After this, you can log in.
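The same workaround can be prepared from the command line for many users at once. This added example (not from the original article) scans ldapsearch output for posixAccount entries that lack the shadowAccount object class and generates the ldapmodify input that adds it; the sample entries and the dc=example,dc=com and cn=Manager names are constructed assumptions.

```shell
# Added example. Reads LDIF on stdin (one attribute per line, for instance
# from "ldapsearch -LLL -o ldif-wrap=no") and prints an ldapmodify change
# record for each posixAccount entry that has no shadowAccount object class.
# Entries whose DN is base64-encoded ("dn:: ...") are skipped.
missing_shadow_ldif() {
    awk '
        function emit() {
            if (dn != "" && posix && !shadow)
                printf "dn: %s\nchangetype: modify\nadd: objectClass\nobjectClass: shadowAccount\n\n", dn
            dn = ""; posix = 0; shadow = 0
        }
        /^dn: / { emit(); dn = substr($0, 5); next }
        /^$/    { emit(); next }
        tolower($0) ~ /^objectclass:[ \t]*posixaccount[ \t]*$/  { posix = 1 }
        tolower($0) ~ /^objectclass:[ \t]*shadowaccount[ \t]*$/ { shadow = 1 }
        END { emit() }
    '
}

# Constructed sample directory content: alice lacks shadowAccount, bob has it.
sample_ldif() {
    cat <<'EOF'
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uid: alice

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: bob

dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people
EOF
}

sample_ldif | missing_shadow_ldif

# Against a live server (base DN and bind DN are assumptions):
#   ldapsearch -x -LLL -o ldif-wrap=no -b "ou=people,dc=example,dc=com" \
#       "(objectClass=posixAccount)" dn objectClass | missing_shadow_ldif > fix.ldif
#   ldapmodify -x -D "cn=Manager,dc=example,dc=com" -W -f fix.ldif
```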
III. Managing OpenLDAP through LAM
1. LAM software introduction
LDAP Account Manager (LAM) is a web front-end application for managing entries stored in an LDAP directory. LAM is designed to make LDAP management as simple as possible for the user. It abstracts away the technical details of LDAP, allowing anyone without a technical background to manage LDAP entries (e.g., users, groups, DHCP settings). If required, a power user can still edit LDAP entries directly through the integrated LDAP browser.
This article is from the "Little Water Drop" blog, please make sure to keep this source http://wangzan18.blog.51cto.com/8021085/1837363
Graphical management of OpenLDAP